Multi-level independent security architecture

ABSTRACT

A system includes a plurality of data input ports, each port corresponding to one of a plurality of different levels of security classification; a security device, configured for cryptographic processing, coupled to receive incoming data from each of the plurality of input ports, wherein the incoming data includes first data having a first classification level; a key manager configured to select and tag-identified first set of keys from a plurality of key sets, each of the key sets corresponding to one of the different levels of security classification, wherein the first set of keys is used by the security device to encrypt the first data; and a common encrypted data storage, coupled to receive the encrypted first data from the security device for storage.

RELATED APPLICATIONS

This application is a continuation application and claims the benefit,and priority benefit, of U.S. patent application Ser. No. 15/355,303,filed Nov. 18, 2016, which is a continuation application and claims thebenefit, and priority benefit, of U.S. patent application Ser. No.14/198,097, filed Mar. 5, 2014, which claims the benefit and prioritybenefit of U.S. Provisional Application Ser. No. 61/807,005, filed Apr.1, 2013, entitled “MULTI-LEVEL INDEPENDENT SECURITY ARCHITECTURE,” byRichard J. Takahashi, the entire contents of which applications areincorporated by reference as if fully set forth herein.

This application is related to U.S. Non-Provisional Application Ser. No.14/177,392, filed Feb. 11, 2014, entitled “SECURITY DEVICE WITHPROGRAMMABLE SYSTOLIC-MATRIX CRYPTOGRAPHIC MODULE AND PROGRAMMABLEINPUT/OUTPUT INTERFACE,” by Richard J. Takahashi, the entire contents ofwhich application is incorporated by reference as if fully set forthherein.

FIELD OF THE TECHNOLOGY

At least some embodiments disclosed herein relate to security processingin general, and more particularly, but not limited to, securityprocessing (e.g., encryption and/or decryption) of data using keysselected for different levels of security classification.

BACKGROUND

Existing military-intelligence systems require physically isolated,protected data storage sites for each level of classified data. Thisrequires separated storage systems for each level of classified data.This is a costly method to store data and access data. In addition,sharing cross-domain information (e.g., sharing data between classifiedsystems) is slow and cumbersome in a world where minutes can make asignificant difference in the results achieved.

SUMMARY OF THE DESCRIPTION

Systems and methods to provide security processing of data (e.g.,packets) having different levels of security classification using asecurity device are described herein. Some embodiments are summarized inthis section.

In one embodiment, a system includes: a plurality of data input ports,each port corresponding to one of a plurality of different levels ofsecurity classification; a security device, configured for cryptographicprocessing, coupled to receive incoming data from each of the pluralityof input ports, wherein the incoming data includes first data having afirst classification level; a key manager configured to select a firstset of keys from a plurality of key sets, each of the key setscorresponding to one of the different levels of security classification,wherein the first set of keys is used by the security device to encryptthe first data; and a common encrypted data storage, coupled to receivethe encrypted first data from the security device for storage.

In one embodiment, a method includes: receiving incoming data from aplurality of data ports, each port corresponding to one of a pluralityof different levels of security classification, wherein the incomingdata includes first data having a first classification level; encryptingthe first data using a first set of keys, the first set of keys selectedfrom a plurality of key sets, each of the key sets corresponding to oneof the different levels of security classification; and writing theencrypted first data into a common encrypted data storage.

In one embodiment, a security device includes: a plurality of dataports, each port corresponding to one of a plurality of different levelsof security classification; a plurality of cryptographic modules, eachcryptographic module dedicated to perform encryption and decryption forone of the different levels of security classification, eachcryptographic module coupled to receive incoming data from one of theplurality of data ports, and the incoming data including first datahaving a first classification level; at least one key cache storing aplurality of key sets, each of the key sets corresponding to one of thedifferent levels of security classification, wherein a first set of keysis selected from the plurality of key sets to encrypt the first data bya first cryptographic module of the cryptographic modules; and a packetwrite engine, included in the first cryptographic module, configured tosend the encrypted first data to a common data storage.

The disclosure includes methods and apparatuses which relate to and/orperform the above. Other features will be apparent from the accompanyingdrawings and from the detailed description which follows.

BRIEF DESCRIPTION OF THE DRAWINGS

The embodiments are illustrated by way of example and not limitation inthe figures of the accompanying drawings in which like referencesindicate similar elements.

FIG. 1 shows a security processing system including a security devicewith a plurality of programmable cryptographic modules and aprogrammable input/output interface, according to one embodiment.

FIG. 2 shows a systolic-matrix security processing system for receivingand encrypting data packets from a non-encrypted data source, andconcurrently processing control and data from a control plane forstorage in a common encrypted data storage, according to one embodiment.

FIG. 3 shows a systolic-matrix cryptographic module includingprogrammable input and output packet engines and a programmablecryptographic processing engine, according to one embodiment.

FIGS. 4 and 5 each show an example of a systolic-matrix array withtwo-dimensional computing paths, according to various embodiments.

FIG. 6 shows a security device implemented between a data source andencrypted data storage using an in-line configuration, according to oneembodiment.

FIG. 7 shows a security device implemented between a data source andencrypted data storage using a side-car configuration, according to oneembodiment.

FIG. 8 shows a security device interfacing with external and networkservices, according to one embodiment.

FIG. 9 shows an internal key manager of the cryptographic module thatcommunicates with an external key manager via an application programminginterface, according to one embodiment.

FIG. 10 shows a specific implementation of a programmable cryptographicmodule configured as a systolic array of FPGAs, according to oneembodiment.

FIG. 11 shows a multi-level independent security system, according toone embodiment.

FIG. 12 shows a security device as implemented in the security system ofFIG. 11, according to one embodiment.

FIG. 13 is block diagram of a cryptographic module as used in thesecurity device of FIG. 12, according to one embodiment.

DESCRIPTION

The following description and drawings are illustrative and are not tobe construed as limiting. Numerous specific details are described toprovide a thorough understanding. However, in certain instances, wellknown or conventional details are not described in order to avoidobscuring the description. References to one or an embodiment in thepresent disclosure are not necessarily references to the sameembodiment; and, such references mean at least one.

Reference in this specification to “one embodiment” or “an embodiment”means that a particular feature, structure, or characteristic describedin connection with the embodiment is included in at least one embodimentof the disclosure. The appearances of the phrase “in one embodiment” invarious places in the specification are not necessarily all referring tothe same embodiment, nor are separate or alternative embodimentsmutually exclusive of other embodiments. Moreover, various features aredescribed which may be exhibited by some embodiments and not by others.Similarly, various requirements are described which may be requirementsfor some embodiments but not other embodiments.

FIG. 1 shows a security processing system including a security device102 with a plurality of programmable cryptographic modules 104 and aprogrammable input/output interface 106, according to one embodiment. Aninterchangeable physical interface 108 is configured to receive aplurality of incoming packets from a data source (e.g., through physicalinterface 110). In one embodiment, the plurality of cryptographicmodules is configured using at least two systolic layers for processingof packets, control data, and keys as discussed further below.

Programmable input/output interface 106 is coupled to theinterchangeable physical interface and is configured to route each ofthe plurality of incoming packets to one of the cryptographic modules104 for encryption to provide a plurality of encrypted packets. Theprogrammable input/output interface 106 is configured to route theencrypted packets to a common internal or external data storage.

For outgoing packets, programmable input/output interface 106 routesencrypted packets to one of the cryptographic modules 104 fordecryption. The decrypted packets are then routed by programmableinput/output interface 106 to the data source.

In one embodiment, programmable input/output interface 106 isprogrammable to support different interface protocols, and each of theplurality of cryptographic modules 104 is programmable to supportdifferent encryption protocols (e.g., each module 104 may be programmedto support a different protocol). Programmable input/output interface106 may include one or more field-programmable gate arrays that areprogrammable to support the different interface protocols. In oneembodiment, programmable input/output interface 106 may be coupled tothe cryptographic modules 104 by a high-speed bus such as, for example,a PCI-e bus.

In one embodiment, the interchangeable physical interface 108 isconfigurable to support two different physical interfaces. In oneexample, the interchangeable physical interface 108 comprises areplaceable physical input/output panel (or card) that can be replacedindependently of the programmable input/output interface 106 and theplurality of cryptographic modules 104.

FIG. 1 also illustrates a control and display unit 114 coupled tocontrol operation of cryptographic modules 104, and also to send orreceive data over remote ports 112. Remote ports 112 may be, forexample, RS-232, USB, or GigEthernet ports. Remote ports 112 mayimplement communications using, for example, an SNMP protocol.

Control and display unit 114 provides drivers to a display and statuscontrol screen on the user panel 116. User panel 116 also provides softor hard buttons for user control and data input during the operation ofsecurity device 102. Various functions controllable on user panel 116include a zeroize control (to zeroize the keys), a crypto ignition key(to start the encryption process), a key fill port (to load the keys),and a system reset.

In one embodiment, security device 102 (which may be, e.g., implementedas a security appliance) is used to prevent data breaches by a hackertrying to gain access to encrypted data. In this embodiment, securitydevice 102 provides security, encryption, high-assurance,high-availability sustained bandwidths up to 400 Gbs (full duplex),programmability for data-at-rest and in-network applications. Thesecurity device 102 has an interchangeable I/O flexible module asdescribed above to support different physical (PHY) interface connectorsand electronics.

In one embodiment, use of the interchangeable I/O interface 108 andprogrammable I/O interface 106 (implemented using an FPGA I/O systolicarray) provides the following advantages:

-   -   1) The FPGA I/O systolic array can be programmed for different        interfaces and the interchangeable I/O is designed with the        selected interface's physical electronics and connectors. This        permits the main physical chassis of security device 102 to        remain unchanged and to readily use different interface options        that can be changed by a user.    -   2) The security device architecture in conjunction with the        interchangeable I/O provides a high-density connectors        capability. These flexible I/O design features can be programmed        for many different types of interfaces to maximize interfacing        flexibility to an end network application.    -   3) Scalable performance in programmable specified data rate        increments for each cryptographic module up to, e.g., six        modules which will have up to six times the programmed full        duplex data rates. Other lesser or greater numbers of        cryptographic modules may be used in other designs.

In one embodiment, flexible I/Os and flexible cryptographic (sometimessimply referred to as “crypto” herein) modules are accomplished by usinga scalable systolic architecture and crypto-modules and interchangeableinput/output (I/O) card, as described herein. The security device 102has programmable delay latencies for a specified data block size ofprogrammable bytes sizes. The security device architecture has twoprogrammable elements: the programmable crypto-module and theprogrammable flexible I/O.

In one embodiment, the flexible I/O has two components: The FPGAs can beprogrammed to support different interface protocols, and aninterchangeable physical I/O card is used to support the physicalinterfaces and connectors. The flexible I/O also has a switchingnetwork. The scalable and programmable crypto-module has a programmablefull duplex bandwidth consisting of high performance CPUs and FPGAsclocking up to maximum allowable clock rates internal to the FPGA. ThisCPU and FPGA in systolic-matrix configuration and implementationprovides a fully-programmable system to meet many differentapplications.

In one embodiment, the security device crypto-module design will beusing high performance CPU or equivalent processors and FPGAs forming aprogrammable systolic scalable module. The programmability efficienciesof design are realized by segmenting functional subsystems from packetengines, crypto engines, key handler and overhead-control managementengines. The I/O interface incorporates functional blocks (e.g., 100 GbsEthernet, PCI-express, Fibre channel, SAS, Infiniband, SCSI, or anyother high speed interface protocols) that are incorporated.

In one embodiment, the security device 102 can be both a media-levelencryptor and a file system encryptor. All data payload passing thrusecurity device 102 is encrypted except for the file systemheaders-commands (which remain in the clear). Therefore, the existingfile system will be intact with no drivers required for the end system.The only interface required is for the end system remote management andkey management products. This makes the security device transparent to auser or network storage system.

FIG. 2 shows a security processing system for receiving and encryptingdata packets from a non-encrypted data source 202 for storage in acommon encrypted data storage 204, according to one embodiment. Thesystem includes cryptographic modules 104. Each cryptographic module iscoupled between programmable high-speed input/output (I/O) interfaces206 and 208, which are each coupled to an interchangeable physicalinterface (see, e.g., interface 108 in FIG. 1). In one embodiment,interfaces 206 and 218 communicate with each other during security dataprocessing using, for example, a serial bus 216 (e.g., an Interbusserial bus).

Processor 210 handles control plane and data processing for thecryptographic modules 104 and the high-speed input/output interfaces206, 208, 218. In one embodiment, processor 210 is a control planeprocessor configured to control systolic data flow for the cryptographicmodules 104, and also to control loading of keys from an external keymanager to an internal key cache (see, e.g., FIG. 9 below).

Physical interface 212 receives a plurality of incoming packets fromdata source 202. The first programmable high-speed input/outputinterface 208 routes each of the plurality of incoming packets to one ofthe cryptographic modules 104 for encryption processing to provideencrypted packets. The second programmable high-speed programmableinput/output interface 206 routes the encrypted packets from thecryptographic module 104 to common encrypted data storage 204 viaphysical interface 214.

In one embodiment, the routing and switching functions of high-speedinterfaces 206 and 208 are provided by programmable input/outputinterface 106 of FIG. 1. In one embodiment interchangeable physicalinput/output interface 108 includes physical interface 212 and/or 214.

In one embodiment, each of the encrypted packets has a respective tag toidentify an original entry port (e.g., a port of high-speed I/Ointerface 208), keys or key addresses associated with each of theencrypted packets is decrypted by one of the cryptographic modules toprovide corresponding decrypted packets, and the first programmableinput/output interface 208 is further configured to use the respectivetag to route each decrypted packet back to its original entry port.

In one embodiment, each programmable input/output interface 206, 208,218 is programmable to support different interface protocols. Forexample, the first programmable input/output interface 208 may include aplurality of field-programmable gate arrays that are programmable tosupport the different interface protocols.

In one embodiment, the first programmable input/output interface 208 andthe second programmable input/output interface 206 each comprise aswitching network and a router (not shown) to route incoming packets(from data source 202 or data storage 204, respectively) to one of thecryptographic modules 104.

In one embodiment, each cryptographic module 104 is designed andprogrammed, and mathematically optimized for any cryptographicalgorithms and network IP protocols. The design can be scaled up to, forexample, six or more crypto modules. The security device 102 can bemathematically optimized, for example, for any cryptographic algorithmsfor full-duplex data rate performance.

In one embodiment, the security device architecture is adaptable to anyenterprise class data-at-rest or IP network solution due to the flexibleswitching I/O architecture. The flexible input and output switching I/Ointerfaces provide a significant cost advantage and homogeneous dataflow and relax the need for data separation. The security device may useFPGAs that bridge to the native I/O interface for the required number ofcrypto-modules. This allows a single crypto-module to be used with manypossible system implementations and configurations based on the endapplication I/O type and throughput requirements and also be scalablewith programmable data rate increments.

In one embodiment, the flexible switch I/O architecture described hereinincludes programmable I/O modules (using FPGAs) that function as a lowlatency bridge and switch between the native I/O to the targetdata-at-rest system and to the internal array of crypto-moduleprocessors. A pair of separated, designated programmable FPGA-based I/Ointerface modules bridges security device 102 to an industry standardnetwork. This scalability and flexibility enables security device 102 tobe inserted into existing or new storage network systems supportingscalable data rates.

In one embodiment, the flexible programmable I/O interface is adaptableto any enterprise, or mobile, class data-at-rest interface application.The flexible I/O architecture includes programmable I/O modules (usingFPGAs) that function as a low latency bridge between the native I/O ofthe target data-at-rest system and the internal array of crypto-modules.Flexible I/O programmability is based on FPGA-based modules that can beprogrammed to any industry standards or a custom interface to thestorage system fabric or IP network.

In one embodiment, security device 102 performs at data rates onlylimited by the technology used. The key-handling agility is matched tothe data rates. The internal key management is central to theperformance of the cryptographic module in this embodiment.

FIG. 3 shows a cryptographic module 104 including programmable input andoutput packet engines and a programmable cryptographic processingengine, according to one embodiment. More specifically, cryptographicmodule 104 comprises a programmable packet input engine 304, aprogrammable cryptographic engine 302, and a programmable packet outputengine 306. In one embodiment, packet engines 304 and 306 are coupled tocryptographic engine 302 using a high-speed serial or parallel bus 322(e.g., an Interbus bus) for control operations, and using high-speeddata busses for data transfer.

In one embodiment, the programmable packet input engine 304, theprogrammable cryptographic engine 302, and the programmable packetoutput engine 306 are each configured as a systolic-matrix array andeach include one or more field-programmable gate arrays (FPGAs)programmable to support different security protocols. In one example,the programmable packet input engine 304, the programmable cryptographicengine 302, and the programmable packet output engine 306 are eachcoupled to a respective dedicated program memory for each FPGA (e.g.,memory 310 or 312), and to a respective dedicated processor (not shown)to control programming of each FPGA. Each memory 310, 312 may be used,e.g., to provide data, keys buffering and/or storage.

In a method according to one embodiment, the first programmableinput/output interface 208 (see FIG. 2) includes a field-programmablegate array (FPGA), and the method includes programming the FPGA tosupport a different interface protocol than previously used forreceiving incoming data packets. In this method, each of the pluralityof cryptographic modules 104 includes programmable systolic packet inputengine 304, programmable systolic-matrix cryptographic engine 302, andprogrammable systolic-matrix packet output engine 306. The methodfurther includes programming an FPGA of the packet input engine 304, anFPGA of the cryptographic engine 302, and an FPGA of the packet outputengine 306.

In one embodiment, a top systolic layer includes FPGAs 308, 318, and320, which are coupled to systolic packet engines 304, 306 andcryptographic engine 302, each also including an FPGA, in order to forma two-dimensional systolic-matrix array for data and control processing.

In one embodiment, each crypto module 104 has input and output packetengines and the crypto core. The crypto module has a systolic cryptoengine that is tightly coupled to the input and output systolic packetengines. Each element in the crypto module has a dedicatedhigh-performance CPU plus its memory, and dedicated memory to theinput-output systolic packet engines and crypto core buffer/storagememory.

In one embodiment, each FPGA(s) array has a dedicated program memory.Also, a compression engine (included, e.g., in auxiliary engines 314) isincluded for data compression or other data processing required.

In one embodiment, the crypto module of FIG. 3 uses secure boot 316 toverify the FPGA code and that any software (SW) within the crypto moduleis encrypted-secure and authenticated. During the secure boot process,if any anomalies are detected, the system will not boot and further mayprovide a user alert that issues have been detected. The secure boot 316may be designed to work with existing industry key manager systems.

In one embodiment, the crypto module design of FIG. 3 provides featuressuch as hard-wired, one-time programmable options and customanalog/digital circuits for flexible physical partitioning forun-encrypted (plain text) and encrypted (cipher text) separation.

FIGS. 4 and 5 each show an example of a systolic-matrix array withtwo-dimensional computing paths, according to various embodiments. FIG.4 shows FPGAs 402 organized in a systolic-matrix array for data, keysand control processing of security packets. Although FPGAs are shownforming the systolic-matrix array in FIG. 4, other forms of programmabledevices, or other types of data processing units or processors may beused to form the systolic-matrix array in other embodiments (e.g., ASICsmay be used). FIG. 5 shows an alternative configuration forsystolic-matrix array comprising FPGAs 502 for data control processingof security packets.

In one embodiment, each cryptographic module 104 is implemented using asystolic-matrix array configuration. For example, cryptographic module104 as illustrated in FIG. 3 is configured in a systolic-matrix arraysuch as the basic form illustrated in FIG. 4. In addition, in oneembodiment, the input and output packet engines 304, 306 and/or thecryptographic processing engine 302 for each cryptographic module 104are also each themselves designed with an internal systolic-matrix arrayarchitecture. For example, the cryptographic processing engine 302 maybe configured in a systolic-matrix array configuration such asillustrated in FIG. 5. In another example, each packet engine may itselfhave the systolic array configuration of FIG. 4 or FIG. 5, or yet othersystolic array configurations, as part of its internal sub-blockprocessing architecture.

Thus, as described above, in some embodiments, security device 102 isconfigured with a two or greater multiple-layer systolic-matrix arrayarchitecture. In this architecture, each cryptographic module 104 has asystolic-matrix array configuration (i.e., a top systolic array layer),and each of the packet engines and/or cryptographic processing enginehas an internal systolic-matrix array configuration (e.g., in a lowersystolic array layer formed of FPGAs that is logically underneath thetop systolic-matrix array layer). The multiple-layers above combinedwith two-dimensional systolic arrays provides a three-dimensionalsystolic-matrix architecture for security device 102.

FIG. 6 shows security device 102 implemented between a data source 604and encrypted data storage 204 using an in-line configuration, accordingto one embodiment. In one example, security device 102 is installed asan enterprise high-performance data storage encryption andauthentication appliance. The security device is installed as in-line(bump in the wire) between the data storage arrays. Security device 102also interfaces with management console 602 and external key managerconsole 603.

FIG. 7 shows security device 102 implemented between data source 604 andencrypted data storage 204 using a side-car configuration, according toone embodiment. In one example, security device 102 is installed as adata storage encryption and authentication appliance as side car (off tothe side of the data storage). Security device 102 also interfaces withmanagement console 602 and external key manager console 603.

FIG. 8 shows security device 102 interfacing with external and networkservices, according to one embodiment. In particular, security device102 is interfaced with a management console consisting of external keymanager 802, network services management 804, and any other requiredexternal management services 806.

FIG. 9 shows an internal key manager 902 of cryptographic module 104that communicates with an external key manager 906, according to oneembodiment. Each of the plurality of cryptographic modules 104 comprisesinternal key manager 902, which is coupled via an applicationprogramming interface (API) 904 to external key manager 906. Keysreceived via API 904 are stored in one of multiple key caches 908 foruse by the cryptographic modules 104 during encryption or decryption ofincoming packets. In one embodiment, control plane processor 210controls loading of the keys from API 904 to one of key caches 908.

In one embodiment, each of the incoming packets to a cryptographicmodule 104 includes a key tag to identify at least one key associatedwith the packet to be security processed, and further may also include asource tag to identify a data source and keys for the packet. Theinternal key manager 902 is configured to retrieve the keys from one ofkey caches 908 using the key tag for the packet to be processed by therespective cryptographic module 104.

In one embodiment, programmable input/output interface 106, 206, and/or208 is further configured to route a packet to one of the plurality ofcryptographic modules 104 based on the source tag.

In one embodiment, each of the plurality of cryptographic modules 104may be physically partitioned from the other of the cryptographicmodules. In one embodiment, other key features of security device 102may include the ability to interface or port third party key managementsoftware and network management software.

Various additional, non-limiting embodiments of security device 102 arenow described below. In one or more embodiments, security device 102 mayprovide one or more of the following advantages:

1. A fast data rate encryptor at hundreds of gigabits full duplex (e.g.,for meeting future optical network data rates).

2. A programmable systolic architecture consisting of FPGAs and CPUs.The security device is flexible and programmable requiring only softwareupgrades for different versions and features.

3. Multi-tenancy to secure individual user's data. Each user's data willbe encrypted/decrypted using a unique key per the user. In this way,each user's data will be uniquely encrypted/decrypted and stored in acommon data storage area. If by operator or machine error the wrong datais accessed and mistakenly sent to another user, the data is still safesince it is not decrypted by the correct user key.

4. A multi-level security architecture to secure different levels ofclassified data using a single encryptor. Each classification of datawill be encrypted/decrypted using a unique key per the data class. Inthis way, each classification of data will be uniquelyencrypted/decrypted and stored in a common storage area. If by operatoror machine error the wrong data is accessed and mistakenly sent toanother level of classification, the data is still safe since it is notdecrypted by the correct user key. Various embodiments for a multi-levelsecurity architecture are discussed below in the section titled“Multi-Level Independent Security System”.

5. A high-speed key agility, key tagging-identication, key associationand storage for millions of keys.

6. A flexible high-density I/O to interface to network equipment atmultiple customer (or other source) sites. Also, the flexible I/O can beprogrammed for mixed interface types (e.g., 10 Gbs Ethernet, Infiniband,or PCI-express), thus requiring no interface bridging network equipment.

7. A replaceable, flexible I/O physical panel that can be customized fora specific network installation without the need to re-design the mainchassis of security device 102.

8. A secure boot to protect, authenticate the CPUs, FPGAs firmware andsoftware (SW) codes.

FIG. 10 shows a specific implementation of a programmable cryptographicmodule configured as a systolic-matrix array of FPGAs, according to oneembodiment. In particular, the system of FIG. 10 is an exemplaryimplementation of cryptographic module 104 as was discussed for FIG. 3above.

Specifically, un-encrypted or plain text data (e.g., incoming datapackets) enters physical interface 1014 and is routed by programmableinput interface 1010 to packet input engine 1002. Data packets arerouted by input engine 1002 to an appropriate cryptographic core incryptographic processing engine 1006.

A security association (SA) key lookup is used in packet engine 1002 or1004 to determine appropriate keys for loading from a key memories arrayto cryptographic engine 1006 via a key manager interface or as definedin the packet header. These keys are used for security processing of thecorresponding data packet.

After encryption by processing engine 1006, encrypted packets areprovided to packet output engine 1004 for routing to programmable outputinterface 1012. The encrypted data leaves via physical interface 1016.

Programmable interfaces 1010 and 1012 may be formed using FPGAs or otherprogrammable devices (e.g., as described above for I/O interfaces 106 or208 of FIGS. 1 and 2). In one embodiment, physical interfaces 1014 and1016 may form a part of interchangeable physical input/output interface108. In one embodiment, physical interface 108 is implemented as aremovable physical card.

In one embodiment, FPGAs 1008, 1018, and 1020 form a portion of thesystolic-matrix array configuration illustrated in FIG. 10 and may becoupled to the packet input and output engines and cryptographicprocessing engine using serial buses. The packet input and outputengines and cryptographic engine are formed using FPGAs to provide atwo-dimensional systolic array of a top systolic layer. In one example,data and control processing is performed in two dimensions using the sixFPGA units (e.g., FPGA 1008 and packet input engine 1002) as illustratedin FIG. 10.

In one embodiment, the sub-blocks in the packet input engine 1002 orpacket output engine 1004 such as packet routing, packet multiplexer,and IP context lookup are implemented in a systolic-matrix arrayconfiguration as was discussed above. Data comes into the packet engine,and the packet engine looks at the packets, including the context, anddecides where to route each packet. Then, the packet engine determinesthat a packet requires a particular security association, which isimplemented using a key lookup. The packet engine associates the key tothe incoming data. The key is read out, and the data is encrypted ordecrypted in one of the crypto cores.

In one embodiment, high-speed memory is coupled to the input and outputpacket engines, and may be any type of high-speed memory in variousembodiments.

In one embodiment, all primary processing works in a matrix. Data isconstantly flowing in two dimensions. For example, data is flowinghorizontally, keys are flowing up vertically, and control information isflowing down vertically as part of the two-dimensional processing.

Variations

Additional variations, details, and examples for various non-limitingembodiments are now discussed below. In a first variation, withreference to FIG. 1, the programmable input/output interface 106 is arouter/switch that selects one of the crypto modules 104 to receiveforwarded packets. A router and switch are incorporated inside theinput/output interface 106. For example, if a first packet comes througha second port, the first packet will be routed to crypto module numbersix. Crypto module number six will later route the first packet back outthrough that same second port of original entry.

There may be two components to the programmable I/O interface. On oneside, the interface programs the type of I/O that is desired. The otherside of the interface is the router/switch. The router/switchmultiplexer knows which crypto module 104 is to receive a given packet.Also, the router/switch knows which crypto module is ready forprocessing of a packet. For example, if crypto module number one isready for processing, it will flag itself as being ready for processing.For example, there is a semaphore flag or packet header bits used thattells I/O interface 106 which module is ready to process data. Whateverport is used to bring in the data, that data will be processed in one ofthe crypto modules, and then tagged out back to the same port when laterbeing decrypted and sent out from storage (e.g., the packet is taggedwith some identification of the port using a tag). The tag is used toredirect the packet back to the correct port of original entry.

The crypto module has a security association that determines which keysgo with which packet. The programmable input/output may allowprogramming of different applications because of the use of FPGAs. Theback end of the router/switch will accommodate the type of input/outputto be used. The router/switch will identify the crypto module to beused. When reprogramming the programmable interface 106, a new physicalinterface needs to be interchanged or installed. The main securitydevice chassis is not changed out-only the I/O portion is being changed.

In one embodiment, remote ports 112 are basically control ports. Theprotocol for the remote port may typically be a Simple NetworkManagement Protocol (SNMP) protocol or any other management protocols.The key fill port is where the keys are filled into the security device.The crypto ignition key ignites the security device.

With reference to FIG. 2, the Interbus serial bus (mentioned above)coordinates the operation of the two input/output interfaces 206, 218.The Interbus handles any protocol issues between the router and theswitch functions of these interfaces. The Interbus is used to providecommunication between the FPGAs of the systolic array during operationof the security device. In one example, the Interbus helps to coordinateoperation as to which crypto module 104 will receive an incoming packet.

Processor 210 manages control plane operation. Processor 210 alsoconfigures components when a new security protocol will be used, usesrouting tables, sets the configuration, sets up the programmability, andsets up the power-on self-test. Processor 210 also may facilitate keyloading. The key fill port on the front of user panel 116 operates undercontrol by processor 210.

With reference to FIG. 3, a secure boot is used to guarantee that thedata booted into the FPGAs of the cryptographic module 104 is proper.The secure boot is executed when the unit is turned on or at boot-up.The code is authenticated by the system. The FPGAs are programmed atevery boot up of the unit, or any time that the unit is reset. Eachcrypto module may have its own CPU which controls programming.

With reference to FIG. 8, external key management 802 is a location thatthe keys may be stored for passing to the security device 102. A networkoperator loads the keys into the external key management 802. Thesecurity device 102 loads the keys into the crypto modules. There is keytagging in the packet headers and inside the crypto module. When apacket comes into the security device 102, the packet is associated witha given key, and the packet contains information used to route thepacket. The external key management can load keys in real-time or only asingle time. Network services management 804 is remote management whichprovides control status, setting-up of the security device unit, andsending of the status back to a user. The other external managementservices 806 could be used to track how many other units are in thefield, what the units are doing, whether each unit is running, and whatconfiguration the unit is in.

In one embodiment, data packets include key tags, customer tags, andpacket tags. The packet tag tells what type of packet is coming in. Thecustomer tag identifies the company or source of the data. The key tagtells what key goes with what packet. Each tag is looked at by thepacket engine to determine how the packet is going to be routed withinthe crypto module 104.

Now discussing an embodiment regarding flexible physical partitioning,each cryptographic module 104 may be physically isolated by design. So,only a certain packet will go through a module number one and onlycertain other packets will go through module number two. For example,crypto module number one may only process a certain style of packet.Crypto module number two may only process packets for a particularcustomer. Thus, it is physically partitioned. For example, customernumber one's data is tagged as belonging to customer number one, forsending it to the specific crypto module. The router determines thisrequirement, and only that particular crypto module can process thatcustomer's packet.

Regarding internal key management in the crypto module's performance,the key manager loads the keys, and further decides how the keys aredispersed within the crypto module based on the tagging of the incomingdata packet. Keys are stored in the selectable key cache 908. The keymanager decides based on the tagging of the data packet what keys willbe associated with the current packet. This provides key agility.

With reference to FIG. 9, API 904 may be programmed to map into any ofseveral different external key managers 906. The use of API 904 thusprovides increased flexibility.

Multi-Level Independent Security System

FIG. 11 shows a multi-level independent security system, according toone embodiment. This system uses four input/output ports 1106 (I/Os) foreach of several classified levels such as, e.g., top secret (TS), secret(S), confidential (C) and unclassified (UNC). It should be noted that inother embodiments the number of levels may be lesser or greater.

Ports 1106 are coupled to a security device 1102, which includesmultiple key caches 1104. Security device 1102 receives data from one ofports 1106, encrypts the data, and sends the data for storage in acommon encrypted data storage 204 (storage 204 may be, for example, astorage area or a network). In one embodiment, security device 1102 maybe implemented based on security device 102 as was discussed above forFIGS. 1-10.

In one embodiment, the security system includes a plurality of datainput ports 1106, each port corresponding to one of a plurality ofdifferent levels of security classification (e.g., top-secret orsecret). Security device 1102 is configured for cryptographic processingincluding encryption and decryption of incoming data received from oneof the plurality of input ports 1106. The incoming data includes firstdata having one of several predefined classification levels.

Security device 1102 includes a key manager (not shown). The key managermay be implemented as was discussed, for example, above for internal keymanager 902 of FIG. 9, or as discussed below with respect to the keystore controller of FIG. 13. The key manager is configured to select aset of keys from a plurality of key sets, each of the key setscorresponding to one of the different levels of security classification.This set of keys is used by the security device to encrypt the firstdata. Common encrypted data storage 204 receives the encrypted firstdata from the security device for storage.

In one embodiment, security device 1102 comprises a cryptographic module(not shown), and the key manager is an internal key manager of thecryptographic module. In one embodiment, the system comprises aplurality of key caches 1104, wherein the key manager is coupled to anexternal key manager (e.g., external key manager 906 of FIG. 9 as wasdiscussed above). The keys received from the external key manager arestored in one of the key caches for use by security device 1102 duringencryption of incoming data packets.

In one embodiment, security device 1102 comprises a plurality ofcryptographic modules (discussed below), and each cryptographic moduleis dedicated to perform security processing for only one of thedifferent levels of security classification. In one embodiment, thesystem further comprises key caches 1104. In one embodiment, each of thecryptographic modules is physically isolated from the other of thecryptographic modules.

In one embodiment, the first data is a first data packet comprising atag that identifies one of the levels of security classification. Thesystem further comprises an interface (not shown) between the inputports and the cryptographic modules. The interface routes the first datapacket to one of the cryptographic modules based on the tag.

In one embodiment, the interface between the input ports and thecryptographic modules is a programmable input/output interface (e.g., aswas discussed above with respect to FIG. 1). The programmableinput/output interface may be programmable to support differentinterface protocols, and each of the plurality of cryptographic modulesmay be programmable to support different encryption protocols. Theprogrammable input/output interface may include one or morefield-programmable gate arrays that are each programmable to support thedifferent interface protocols.

In one embodiment, a multi-level secure storage encryption system isused (e.g., for military or government-centric intelligence systems) toencrypt and store different classified data using a single secure,trusted encryptor (e.g., security device 1102) and store the encrypteddata in a common storage array or area (e.g., common encrypted datastorage 204).

In one embodiment, a multi-level secure storage encryption system uses asingle encryption method where the encrypted data is consolidated andstored in a common data storage array or site (e.g., common encrypteddata storage 204). This avoids having to implement different,physically-separated storage systems as used in prior approaches.

In one embodiment, a multi-level security architecture to securedifferent levels of classified data uses a single encryptor. Eachclassification of data is encrypted/decrypted using a unique key foreach data class (e.g., top secret or secret). In this way, eachclassification of data is uniquely encrypted/decrypted and stored in acommon data storage area. If by operator or machine error the wrong datais accessed and mistakenly sent to another level of classification, thedata is still safe since it cannot be decrypted by the proper user key.

FIG. 12 shows security device 1102 as implemented in the security systemof FIG. 11, according to one embodiment. Incoming data ports 1106 arecoupled to a multiplexer 1208, which routes incoming data packets to theappropriate one of cryptographic modules 1204 (e.g., based oninformation associated with the data packet such as in a header of thepacket).

In one embodiment, each of the cryptographic modules 1204 comprises apacket input engine (not shown in FIG. 12) and a cryptographic engine(not shown in FIG. 12), each configured for data processing as part of atwo-dimensional systolic array (e.g., as was discussed above withrespect to FIGS. 3-5).

An appropriate set of keys is selected (e.g., by using a key storecontroller, as discussed below in FIG. 13) from one of key caches 1104.For example, keys corresponding to a top secret (TS) level ofclassification are selected from the TS key cache for processing datapackets in TS cryptographic module 1204 that are received from TS port1106. After encryption, the TS data packets are routed by multiplexer1210 to common encrypted data storage 204.

In one embodiment, a security processing method includes receivingincoming data from data ports 1106, wherein the incoming data includesfirst data having a first classification level; encrypting the firstdata using a first set of keys selected from a plurality of key sets(e.g., key selected from TS key cache 1104); and writing the encryptedfirst data into common encrypted data storage 204. In one embodiment,the first data is encrypted using cryptographic module 1204, and themethod further comprises zeroizing the cryptographic module after theencrypting of the first data.

In one embodiment, the first data is a first data packet, and the methodfurther comprises adding a benign tag (or an alternative form of tag) toa header of the first data packet to indicate a classification level atwhich the first data packet is being stored.

In one embodiment, the method further comprises reading the first datapacket from the common encrypted data storage 204; verifying theclassification level of the first data packet using the tag; andaddressing a key store controller to select a key associated with thefirst data packet to use in decrypting the first data packet; loadingthe selected key into a cryptographic core (e.g., a cryptographic corelocated in TS cryptographic module 1204); and decrypting the first datapacket using the cryptographic core.

In one embodiment, the method further comprises selecting, by the keystore controller, one of the data ports 1106; and routing the decryptedfirst data packet to the data port selected by the key store controller.

In one embodiment, the method further comprises routing the first datapacket from the common encrypted data storage 204 using a fail safemultiplexer (e.g. multiplexer 1210); sending the first data packet tothe cryptographic core for decryption; and zeroizing the fail safemultiplexer and the cryptographic core after each classified level ofdata is processed.

In one embodiment, the method further comprises reading the first datapacket from a common un-encrypted data network (e.g., as received overone of incoming data ports 1106); verifying the first classificationlevel of the first data packet using the benign tag; addressing a keystore controller to select a key associated with the first data packetto use in encrypting the first data packet; loading the selected keyinto a cryptographic core; and encrypting the first data packet usingthe cryptographic core.

In one embodiment, the method further comprises routing the first datapacket from the common un-encrypted data network using a fail safemultiplexer; sending the first data packet to the cryptographic core forencryption; and zeroizing the fail safe multiplexer and thecryptographic core after each classified level of data is processed.

FIG. 13 is block diagram of a cryptographic module 1204 as used in thesecurity device 1102 of FIG. 12, according to one embodiment. Thecryptographic module is dedicated to perform encryption and decryptionfor one of the different levels of security classification. Thecryptographic module is coupled to receive incoming data from one of theplurality of data ports 1106 discussed above, and the incoming dataincludes first data having a first classification level. Incoming datafrom one of packet input engines 1306 is routed by fail safe multiplexer1310 to cryptographic core 1302 for encryption.

Key store controller 1320 selects a first set of keys from the pluralityof key sets (as discussed above) to encrypt the first data by thecryptographic module. A packet write engine 1314 sends the encryptedfirst data to common data storage 204. In one embodiment, the first dataincludes a tag identifying the first classification level, and the firstdata has been routed to the cryptographic module based on the tag.

In one embodiment, the cryptographic module further includes a key storecontroller 1322 to select, based on a control signal, a second set ofkeys from the plurality of key sets to use in decrypting the first data(e.g., these keys may be selected from the appropriate one of key caches1104); and a packet read engine 1316 that reads the encrypted first datafrom the common data storage 204. Packet read engine 1316 provides thecontrol signal to the key store controller 1322. The encrypted firstdata is decrypted by cryptographic core 1304. The decrypted data isrouted by fail safe demultiplexer 1312 to one of several packet outputengines 1308. Each packet output engine 1308 corresponds to one of thelevels of security classification.

In one embodiment, the cryptographic module includes a programmablesystolic packet input engine, a programmable systolic cryptographicengine (e.g., cryptographic cores 1302 and 1304 are implemented using asystolic architecture as was discussed above), and a programmablesystolic packet output engine.

In one embodiment, a multi-level secure architecture has four I/Os foreach classified level: top secret (TS), secret (S), confidential (C) andunclassified (UNC). Each classified input uses packet input engine 1306to process, detect, or modify packet headers of the incoming datapackets and to insert header bits to denote and authenticate theclassified data prior to sending to fail safe multiplexer (MUX) 1310.

In one embodiment, the fail safe MUX 1310 is configured to ensure thatthe data from different classified levels will not mix with other datafrom a different classified level. If there is a failure in the MUX, theMUX will fail safe in a safe state. The MUX will also zeroize itselfafter each classified level of data is processed. This leaves no datafrom the last processing in the MUX (i.e., the data is erased).

In one embodiment, a MUX arbiter 1318 addresses the fail safe MUX 1310.The MUX arbiter 1318 is controlled by the respective level's packetinput engine 1306. Based on inputs from the packet input engines 1306,the MUX arbiter 1318 decides what packet is processed by the fail safeMUX.

In one embodiment, each respective packet input engine 1306 alsoaddresses a write key store controller 1320. The write key storecontroller 1320 may be configured with a fail safe design to addresseach separate classified key storage memory and send the selected key tocryptographic core (“crypto core”) 1302.

In one embodiment, in a write cycle the crypto core 1302 encrypts thedata with the selected key per the classified data. The encrypted outputof the crypto core 1302 is sent to the packet write engine 1314. Thepacket write engine will add a benign data tag to the header indicatingthe level at which data is being stored. In one embodiment, the benigntag is a generic and will not indicate the actual level of classifiedencrypted data being stored. In other embodiments, the benign tag mayindicate the level of classified data. After the encryption cycle, thedata that was processed is zeroized (i.e., erased).

In one embodiment, in a read cycle encrypted data from common encrypteddata storage 204 is loaded into packet read engine 1316, whichauthenticates the data and verifies the benign generic tag as to thelevel of storage of the classified data. The packet read engine 1316then addresses the read key store controller 1322 for the associatedkey. The selected key is loaded into crypto core 1304, and the data fromthe packet read engine 1316 is decrypted. After this decryption cycle,the data that was processed is zeroized (i.e., the data is erased).

In one embodiment, the read key store controller 1322 addresses andselects an output port where the decrypted data is sent for an output offail safe demultiplexer (DEMUX) 1312. If there is a failure in theDEMUX, the DEMUX will fail safe to a safe state. The DEMUX will alsozeroize itself after each classified level of data is processed. Thus,this leaves no data from the last processing in the DEMUX. The output ofthe DEMUX is active per the selected output port. Each output of theDEMUX is physically isolated per the classified data path.

Additional variations, details, and examples for various non-limitingembodiments of the multi-level security system are now discussed below.In a first variation, data paths in the security system are physicallyisolated. A packet is tagged with a customer identification and thepacket will only go through one cryptographic module, which correspondsto the appropriate level of data classification. The cryptographicmodules are physically partitioned. In an alternative embodiment, datafor each of the different classification levels is processed in asingle, common cryptographic module, which is zeroized after processingeach level of classification. In one variation, the fail safemultiplexer 1310 may be a switch such as used inside high-speedinput/output interfaces 206 and 208 of FIG. 2 discussed above.

In one example, when using only one cryptographic module, the selectionof the appropriate keys for a classification level is how datapartitioning is accomplished. For example, for top secret data, only atop secret key can be used to encrypt or decrypt the top-secret data.Afterwards, the cryptographic module is zeroized. Then, confidentialdata may be processed by the cryptographic module using a key forconfidential data. There is a tag on the packet that identifies thelevel of classification. So, an incoming top secret packet will line upwith a top secret key and a top secret algorithm.

In another variation, encrypted top secret data is read from common datastorage 204. After decrypting the packet using the appropriate level ofkey, the packet is routed to the top secret port. The packet outputengines 1308 are physically isolated. The zeroize command zeroizes thecryptographic core and the key store controller after processing the topsecret data (this zeroizing is done before loading a new set of keys).In this variation, the cryptographic engine is zeroized after operationat each level of classification because the cryptographic engine isbeing shared with multiple classification levels.

Closing

At least some aspects disclosed can be embodied, at least in part, insoftware. That is, the techniques may be carried out in a computersystem or other data processing system in response to its processor,such as a microprocessor, executing sequences of instructions containedin a memory, such as ROM, volatile RAM, non-volatile memory, cache or aremote storage device.

In various embodiments, hardwired circuitry may be used in combinationwith software instructions to implement the techniques. Thus, thetechniques are neither limited to any specific combination of hardwarecircuitry and software nor to any particular source for the instructionsexecuted by the data processing system.

Although some of the drawings may illustrate a number of operations in aparticular order, operations which are not order dependent may bereordered and other operations may be combined or broken out. While somereordering or other groupings are specifically mentioned, others will beapparent to those of ordinary skill in the art and so do not present anexhaustive list of alternatives. Moreover, it should be recognized thatvarious stages or components could be implemented in hardware, firmware,software or any combination thereof.

In the foregoing specification, the disclosure has been described withreference to specific exemplary embodiments thereof. It will be evidentthat various modifications may be made thereto without departing fromthe broader spirit and scope as set forth in the following claims. Thespecification and drawings are, accordingly, to be regarded in anillustrative sense rather than a restrictive sense.

What is claimed is:
 1. A system, comprising: a plurality of input ports,each input port corresponding to one of a plurality of different levelsof security classification; a security device, configured forcryptographic processing, coupled to receive incoming data from each ofthe plurality of input ports, wherein the incoming data includes firstdata having a first classification level, wherein the security devicecomprises a plurality of cryptographic modules, wherein eachcryptographic module is configured to perform security processing for atleast one of the different levels of security classification, andwherein each of the cryptographic modules comprises a cryptographicengine configured for data processing using a systolic array; and a keymanager configured to select a first set of keys from a plurality of keysets, each of the key sets corresponding to one of the different levelsof security classification, wherein the first set of keys is used by thesecurity device to encrypt the first data; wherein the security deviceis further configured to send the encrypted first data to a storagedevice.
 2. The system of claim 1, wherein the plurality of cryptographicmodules includes a first cryptographic module, and the key manager is aninternal key manager of the first cryptographic module.
 3. The system ofclaim 1, further comprising a plurality of key caches, wherein the keymanager is coupled to an external key manager, and keys received fromthe external key manager are tagged-identified and stored in one of theassociated key caches for use by the security device during encryptionof incoming data packets.
 4. The system of claim 1, wherein eachcryptographic module is dedicated to perform security processing foronly one of the different levels of security classification.
 5. Thesystem of claim 4, wherein each of the cryptographic modules isphysically isolated from the other of the cryptographic modules.
 6. Thesystem of claim 1, further comprising: a plurality of key caches,wherein keys are stored in each of the key caches for use by a selectedone of the cryptographic modules during encryption of the incoming data.7. The system of claim 1, wherein the first data is a first data packetcomprising a tag that identifies one of the levels of securityclassification, and the system further comprising an interface betweenthe input ports and the cryptographic modules, the interface to routethe first data packet to one of the cryptographic modules based on thetag.
 8. The system of claim 7, wherein the interface between the inputports and the cryptographic modules is a programmable input/outputinterface.
 9. The system of claim 8, wherein the programmableinput/output interface is programmable to support different interfaceprotocols, and each of the plurality of cryptographic modules isprogrammable to support different encryption protocols.
 10. The systemof claim 9, wherein the programmable input/output interface includes atleast one field-programmable gate array programmable to support thedifferent interface protocols.
 11. The system of claim 1, wherein eachof the cryptographic modules further comprises a packet input engine,each packet input engine configured for data processing using a systolicarray.
 12. A method, comprising: receiving incoming data from aplurality of data ports, each port corresponding to one of a pluralityof different levels of security classification, wherein the incomingdata includes first data having a first classification level; encryptingthe first data using a first set of keys, the first set of keys selectedfrom a plurality of key sets, each of the key sets corresponding to oneof the different levels of security classification, wherein the firstdata is encrypted by a cryptographic module configured for dataprocessing using a systolic array; and writing the encrypted first datato a storage device.
 13. The method of claim 12, further comprisingzeroizing the cryptographic module after the encrypting of the firstdata.
 14. The method of claim 12, wherein the first data is a first datapacket, the method further comprising adding a benign tag to a header ofthe first data packet to indicate a classification level at which thefirst data packet is being stored.
 15. The method of claim 14, furthercomprising: reading the first data packet from the storage device;verifying the classification level of the first data packet using thebenign tag; and addressing a key store controller to select a keyassociated with the first data packet to use in decrypting the firstdata packet; loading the selected key into a cryptographic core; anddecrypting the first data packet using the cryptographic core.
 16. Themethod of claim 15, further comprising: selecting, by the key storecontroller, one of the data ports; and routing the decrypted first datapacket to the data port selected by the key store controller.
 17. Themethod of claim 15, further comprising: routing the first data packetfrom the storage device using a fail safe multiplexer; sending the firstdata packet to the cryptographic core for decryption; and zeroizing thefail safe multiplexer and the cryptographic core after each classifiedlevel of data is processed.
 18. The method of claim 14, furthercomprising: reading the first data packet from a common un-encrypteddata network; verifying the first classification level of the first datapacket using the benign tag; addressing a key store controller to selecta key associated with the first data packet to use in encrypting thefirst data packet; loading the selected key into a cryptographic core;and encrypting the first data packet using the cryptographic core. 19.The method of claim 18, further comprising: routing the first datapacket from the common un-encrypted data network using a fail safemultiplexer; sending the first data packet to the cryptographic core forencryption; and zeroizing the fail safe multiplexer and thecryptographic core after each classified level of data is processed. 20.A system, comprising: a plurality of data ports, each port correspondingto one of a plurality of different levels of security classification; aplurality of cryptographic modules, each cryptographic module comprisingat least one processor or field-programmable gate array (FPGA) anddedicated to perform encryption and decryption for at least one of thedifferent levels of security classification, each cryptographic modulecoupled to receive incoming data from one of the plurality of dataports, and the incoming data including first data having a firstclassification level, wherein the first data is encrypted using a firstcryptographic module of the cryptographic modules, and the firstcryptographic module is configured for data processing using a systolicarray; at least one key cache storing a plurality of key sets, each ofthe key sets corresponding to one of the different levels of securityclassification, wherein a first set of keys is selected from theplurality of key sets to encrypt the first data by the firstcryptographic module; and a packet write engine configured to send theencrypted first data to a storage device.
 21. A system, comprising: aplurality of data ports, each port corresponding to one of a pluralityof different levels of security classification; a first cryptographicmodule configured to selectively receive incoming data from a first oneof the plurality of data ports, the first cryptographic moduleconfigured to encrypt the incoming data using a first key set from aplurality of key sets, each of the plurality of key sets correspondingto one of the different levels of security classification, both thefirst key set and the incoming data having a first level of thedifferent levels of security classification; and a second cryptographicmodule configured to decrypt outgoing data using the first key set andoutput the decrypted outgoing data to a second one of the plurality ofdata ports, both the outgoing data and the second one of the pluralityof data ports having the first level.
 22. The system of claim 21,further comprising a data storage for storing the incoming data andoutgoing data.
 23. The system of claim 22, further comprising: a firstmultiplexer coupled between the plurality of data ports and the firstcryptographic module for selecting the first one of the plurality ofdata ports; and a second multiplexer coupled between the plurality ofdata ports and the second cryptographic module for selecting the secondone of plurality of data ports.
 24. The system of claim 21, wherein theoutgoing data includes a tag identifying the first level.